Cybercriminals have been said to look for the path of least resistance when they target businesses or online marketplaces to steal data or money.
And, increasingly, online gaming platforms – attractive to bad guys because of their scale and relative anonymity – are in the crosshairs.
In a recent headline-grabbing event, video game developer Valve Corp. has said it is stopping the exchange of “container keys” between players competing in games like Counter Strike, which is available on the Steam online marketplace.
In an announcement late last month, Valve said “almost all” key exchanges were “considered to be of fraudulent origin.”
The Economist noted that the announcement is a “rare admission of the growing problem of using video games to facilitate financial crime.”
The overall utility of container keys has been that players bought the keys with cash and used them to earn rewards in the Counter Strike game, such as weapons. The keys, according to reports (but not confirmed so far by Valve or Steam), were purchased with stolen cards and traded in the Steam Marketplace. While money cannot be withdrawn from Steam accounts, it appears that a secondary market has formed as other sites offered cards “loaded” for sale – by scammers for real money.
The practice may have been stopped there, at least, but it highlights how black markets for (stolen) assets and credentials continue to proliferate around the world and target markets. virtual verticals.
In an interview with PYMNTS, Peter Cavicchia, senior vice president of corporate services at Fiserv (where his role includes overseeing the company’s corporate cybersecurity and fraud organizations), said Valve / Steam news are coming as gamers (and gaming sites, of course) embrace more trading and funding mechanics across various platforms.
The goal for the bad guys is to monetize trade and finance, either by emptying bank accounts or by selling off assets that have been compromised.
In the case of Steam and elsewhere, the methods used to gain access have likely been the same: stealing phishing passwords and even malware. Scammers are able to collect hundreds or thousands of credentials across games and platforms, then go elsewhere to advertise those credentials (perhaps stored as a digital wallet) and earn $ 25 or $ 100 or more on a quick sale.
Just a username and password is no longer enough, Cavicchia said. There must be additional layers of defense, covering the use of trusted devices, and alerts sent to players about new logins (or attempts) or account changes.
The same principles therefore apply to virtual and real currency and trading, and require the joint efforts of traders, platforms, financial institutions – and gamers, too.
The tools are there, but the state of mind matters. Consider the results of Fiserv’s 2019 Cyber Security Awareness Study, which found that 55% of respondents know their financial data online is vulnerable, but only 6% are doing anything to protect it.
The challenge of boosting protection on the part of the players themselves is a bit greater than what might be seen elsewhere, given that young participants, including teens, might be less educated on how to protect their data. .
“It’s going to take a bit of proactivity on gaming platforms” to incorporate and offer the same controls that already exist with online merchants and banks, Cavicchia told PYMNTS, particularly with time alerts. real via push messages, biometrics and analytics.
These lines of defense, useful in any context, are particularly important on gaming platforms that include online play, where a number of factors converge to ensure that users are authenticated before they are. allowed to participate. Once inside the platform, Cavicchia said, trader analytics and artificial intelligence (AI) can help identify suspicious behavior.
“Gaming transactions and the financing mechanisms associated with them must be protected in the same way as e-commerce transactions would be,” he said.